/*
 * Wazuh Module to analyze system vulnerabilities
 * Copyright (C) 2015-2020, Wazuh Inc.
 * January 4, 2018.
 *
 * This program is free software; you can redistribute it
 * and/or modify it under the terms of the GNU General Public
 * License (version 2) as published by the FSF - Free Software
 * Foundation.
 */

#ifndef WM_VUNALIZER_DB
#define WM_VUNALIZER_DB

#define CVE_DBS_PATH            "queue/vulnerabilities/"
#define CVE_DB CVE_DBS_PATH     "cve.db"

#define AGENTS_TABLE            "AGENTS"
#define CVE_TABLE               "VULNERABILITIES"
#define CVE_INFO_TABLE          "VULNERABILITIES_INFO"
#define CVE_REF_TABLE           "REFERENCES_INFO"
#define CVE_BUG_REF_TABLE       "BUGZILLA_REFERENCES_INFO"
#define CVE_ADVISORY_TABLE      "ADVISORIES_INFO"
#define INFO_STATE_TABLE        "INFO_STATE"
#define METADATA_TABLE          "METADATA"
#define CPEH_SOURCE_TABLE       "CPE_HELPER_SOURCE"
#define CPET_TRANSL_TABLE       "CPE_HELPER_TRANSLATION"
#define CPE_HELPER_TABLE        "CPE_HELPER"
#define VARIABLES_TABLE         "VARIABLES"
#define MAX_QUERY_SIZE          OS_SIZE_1024
#define MAX_SQL_ATTEMPTS        1000
#define SQL_BUSY_SLEEP_MS       1
#define VU_MAX_PACK_REQ         20

typedef enum vu_query {
    SELECT_QUERY,
    DELETE_QUERY,
    VU_CHECK_DB_CONTENT,
    TIMESTAMP_QUERY,
    VU_INSERT_QUERY,
    VU_INSERT_CVE,
    VU_INSERT_CVE_INFO,
    VU_INSERT_REF_INFO,
    VU_INSERT_BUG_REF_INFO,
    VU_INSERT_ADVISORY_INFO,
    VU_INSERT_METADATA,
    VU_INSERT_AGENTS,
    VU_INSERT_AGENT_HOTFIXES,
    VU_INSERT_VARIABLES,
    VU_AGENT_PACKAGE_VERSION,
    VU_UPDATE_CVE,
    VU_UPDATE_CVE_NOT_FIXED,
    VU_UPDATE_CVE_VAL,
    VU_UPDATE_CVE_PACK,
    VU_UPDATE_CVE_IGNORE,
    VU_GET_CVE_UNFIXED,
    VU_REMOVE_UNUSED_ID,
    VU_JOIN_QUERY,
    VU_JOIN_RH_QUERY,
    VU_JOIN_DEBIAN_QUERY,
    VU_GET_VULN_COUNT,
    VU_GET_MATCHES_COUNT,
    VU_GET_VULN_INFO,
    VU_REFS_QUERY,
    VU_BUG_REFS_QUERY,
    VU_ADVISORY_QUERY,
    VU_REMOVE_OS,
    VU_REMOVE_AGENTS_TABLE,
    VU_REMOVE_HOTFIXES_TABLE,
    VU_REMOVE_PATCH,
    VU_GLOBALDB_REQUEST,
    VU_REMOVE_UNUSED_VULS,
    // WAZUH DB REQUESTS
    VU_HOTFIXES_REQUEST,
    VU_SOFTWARE_REQUEST,
    VU_SOFTWARE_FULL_REQ,
    VU_SOFT_SCAN_REQUEST,
    VU_SYSC_UPDATE_SCAN,
    VU_SYSC_UPDATE_CPE,
    VU_SYSC_CLEAN_CPES,
    VU_SYSC_OSWIN_INFO,
    VU_SYSC_OSLNX_INFO,
    VU_LAST_SCAN_REQUEST,
    VU_UPDATE_SCAN_MET,
    VU_HOTF_SCAN_REQUEST,
    // CPE INDEX
    VU_INSERT_CPE,
    VU_REMOVE_CPE,
    VU_REMOVE_AGENT_CPE,
    VU_SEARCH_AGENT_CPE,
    VU_MIN_CPEINDEX,
    VU_GET_PACK_WITHOUT_CPE,
    VU_GET_AGENT_CPES,
    VU_UPDATE_AGENT_CPE,
    // NVD
    VU_GET_NVD_COUNT,
    VU_GET_NVD_LASTMOD,
    VU_REP_NVD_METADATA,
    VU_INSERT_NVD_CVE,
    VU_GET_MAX_NVD_CVE_ID,
    VU_INSERT_NVD_METRIC_CVSS,
    VU_INSERT_NVD_REFERENCE,
    VU_INSERT_NVD_CVE_CONFIGURATION,
    VU_GET_MAX_CONFIGURATION_ID,
    VU_INSERT_NVD_CVE_MATCHES,
    VU_INSERT_NVD_CPE,
    VU_GET_AN_CPE_ID,
    VU_GET_MAX_NVD_CPE_ID,
    VU_GET_OFFLINE_UPDATE,
    // NVD CLEAN
    VU_REMOVE_NVD_METADATA,
    VU_GET_NVD_CVE_YEAR,
    VU_REMOVE_CVE_TABLE_REFS,
    VU_REMOVE_CVE_MATCHES,
    VU_REMOVE_NVD_CPE,
    VU_REMOVE_NVD_CVE,
    VU_GET_NVD_CONFIG,
    // NVD REPORT
    VU_GET_CVE_INFO,
    VU_GET_CVE_INFO_FILTER_CVE,
    VU_GET_CVE,
    VU_GET_REFERENCE,
    VU_GET_SCORING,
    // NVD VULNERABILITY CHECK
    VU_GET_DICT_CPE,
    VU_GET_NVD_CPE,
    VU_GET_NVD_MATCHES,
    VU_GET_CONF,
    VU_GET_CONF_AND,
    VU_GET_MATCHES_AND,
    VU_GET_CPE_AND,
    VU_GET_AGENTCPE_AND,
    VU_GET_GENERIC_PACKAGE_APP,
    VU_GET_GENERIC_PACKAGE_OS,
    VU_GET_SPECIFIC_PACKAGE_APP,
    VU_GET_SPECIFIC_PACKAGE_OS,
    VU_GET_CHILDREN,
    VU_GET_SIBLINGS,
    VU_GET_NVD_MATCHES_COUNT,
    // SQL OPERATIONS
    VU_REMOVE_SQUENCE,
    // WAZUH CPE DICTIONARY
    VU_REMOVE_CPE_DIC,
    VU_INSERT_CPE_HELPER,
    VU_INSERT_CPE_SOURCE,
    VU_INSERT_CPE_TRANSLATION,
    VU_GET_DIC_MATCHES,
    VU_GET_EXACT_TERM,
    VU_GET_TRANSLATION_TERM,
    // MSU
    VU_REMOVE_MSU,
    VU_REMOVE_MSU_SUP,
    VU_INSERT_MSU,
    VU_INSERT_MSU_SUPER,
    VU_HOTFX_SIMPLE,
    VU_HOTFX_WITHOUT_R2,
    VU_CHECK_AGENT_HOTFIX,
    // TRANSACTIONS
    BEGIN_T,
    END_T
} vu_query;

static const char *vu_queries[] = {
    "SELECT %s FROM %s WHERE %s;",
    "DELETE FROM %s;",
    "SELECT COUNT(*) FROM VULNERABILITIES WHERE TARGET = ?;",
    "SELECT TIMESTAMP FROM " METADATA_TABLE " WHERE TARGET = ?;",
    "INSERT INTO ",
    "INSERT INTO " CVE_TABLE " VALUES(?,?,?,?,?,?,?,?);",
    "INSERT INTO " CVE_INFO_TABLE " VALUES(?,?,?,?,?,?,?,?,?,?,?,?);",
    "INSERT INTO " CVE_REF_TABLE " VALUES(?,?,?);",
    "INSERT INTO " CVE_BUG_REF_TABLE " VALUES(?,?,?);",
    "INSERT INTO " CVE_ADVISORY_TABLE " VALUES(?,?,?);",
    "INSERT INTO " METADATA_TABLE " VALUES(?,?,?,?,?);",
    "INSERT INTO " AGENTS_TABLE " VALUES(?,?,?,?,?,?,?,?,?,?);",
    "INSERT INTO AGENT_HOTFIXES VALUES(?,?);",
    "INSERT INTO " VARIABLES_TABLE " VALUES(?,?,?);",
    "SELECT SOURCE, PACKAGE_NAME, VERSION, SRC_VERSION, ARCH FROM AGENTS WHERE AGENT_ID = ?;",
    "UPDATE " CVE_TABLE " SET PACKAGE = ?, OPERATION = ? WHERE OPERATION = ?;",
    "UPDATE " CVE_TABLE " SET PACKAGE = ?, OPERATION = ?, OPERATION_VALUE = ? WHERE OPERATION = ?;",
    "UPDATE " CVE_TABLE " SET OPERATION = ?, OPERATION_VALUE = ? WHERE OPERATION = ?;",
    "UPDATE " CVE_TABLE " SET PACKAGE = ?, CHECK_VARS = ? WHERE PACKAGE = ?;",
    "UPDATE " CVE_TABLE " SET IGNORE = ? WHERE PACKAGE = ? AND CVEID = ? AND TARGET = ?;",
    "SELECT CVEID, PACKAGE FROM " CVE_TABLE " WHERE TARGET = ? AND OPERATION_VALUE = ?",
    "DELETE FROM " CVE_TABLE " WHERE PACKAGE = ?;",
    "SELECT CVEID, (CASE WHEN VALUE IS NOT NULL THEN VALUE ELSE PACKAGE_NAME END), SOURCE, VERSION, ARCH, OPERATION, OPERATION_VALUE, SRC_VERSION \
            FROM VULNERABILITIES LEFT JOIN VARIABLES ON VARIABLES.VID = VULNERABILITIES.PACKAGE AND VARIABLES.TARGET = VULNERABILITIES.TARGET \
                                 INNER JOIN AGENTS ON PACKAGE_NAME = (CASE WHEN VALUE IS NOT NULL THEN VALUE ELSE PACKAGE END) \
            WHERE IGNORE = 0 AND VULNERABILITIES.TARGET = ? AND AGENT_ID = ? \
            ORDER BY CVEID, PACKAGE_NAME, VERSION, ARCH;",
    "SELECT DISTINCT CVEID, PACKAGE_NAME, SOURCE, VERSION, ARCH, OPERATION, OPERATION_VALUE, SRC_VERSION \
            FROM VULNERABILITIES INNER JOIN AGENTS ON PACKAGE = (CASE WHEN SOURCE IS NOT NULL THEN SOURCE ELSE PACKAGE_NAME END) \
            WHERE IGNORE = 0 AND (VULNERABILITIES.TARGET = TARGET_MAJOR OR VULNERABILITIES.TARGET IS NULL OR (TARGET_MAJOR IS NULL AND VULNERABILITIES.TARGET = ?)) AND AGENT_ID = ? \
            ORDER BY CVEID, PACKAGE_NAME, VERSION, ARCH;",
    "SELECT CVEID, PACKAGE_NAME, SOURCE, VERSION, ARCH, OPERATION, OPERATION_VALUE, SRC_VERSION \
            FROM VULNERABILITIES INNER JOIN AGENTS ON PACKAGE = (CASE WHEN SOURCE IS NOT NULL THEN SOURCE ELSE PACKAGE_NAME END) \
            WHERE IGNORE = 0 AND VULNERABILITIES.TARGET = ? AND AGENT_ID = ? \
            ORDER BY CVEID, PACKAGE_NAME, VERSION, ARCH;",
    "SELECT COUNT(*) FROM VULNERABILITIES WHERE CVEID = ? AND TARGET = ?;",
    "SELECT COUNT(*) \
            FROM VULNERABILITIES LEFT JOIN VARIABLES ON VID = PACKAGE AND VARIABLES.TARGET = VULNERABILITIES.TARGET \
            WHERE CVEID = ? AND VULNERABILITIES.TARGET = ? AND IGNORE = 1 AND (CASE WHEN VALUE IS NOT NULL THEN VALUE ELSE PACKAGE END) = ?;",
    "SELECT TITLE, SEVERITY, PUBLISHED, UPDATED, RATIONALE, CVSS, CVSS3, CVSS_VECTOR, CVSS3_VECTOR, CWE FROM VULNERABILITIES_INFO WHERE ID = ? AND TARGET = ?;",
    "SELECT REFERENCE FROM " CVE_REF_TABLE " WHERE ID = ? AND TARGET = ?;",
    "SELECT BUGZILLA_REFERENCE FROM " CVE_BUG_REF_TABLE " WHERE ID = ? AND TARGET = ?;",
    "SELECT ADVISORY FROM " CVE_ADVISORY_TABLE " WHERE ID = ? AND TARGET = ?;",
    "DELETE FROM %s WHERE TARGET = ?;",
    "DELETE FROM " AGENTS_TABLE ";",
    "DELETE FROM AGENT_HOTFIXES;",
    "DELETE FROM " CVE_TABLE " WHERE CVEID = ?;",
    "SELECT OS_NAME, OS_MAJOR, NAME, ID, REGISTER_IP, OS_ARCH, OS_BUILD FROM AGENT WHERE (STRFTIME('%s', 'NOW') - LAST_KEEPALIVE) < ? ORDER BY ID ASC;",
    "DELETE FROM " CVE_TABLE " WHERE PACKAGE LIKE '%:tst:%';",
    // WAZUH DB REQUESTS
    "agent %s sql SELECT HOTFIX FROM SYS_HOTFIXES WHERE SCAN_ID='%s';",
    "agent %s sql SELECT DISTINCT NAME, VERSION, ARCHITECTURE, VENDOR, SOURCE, CPE, MSU_NAME FROM SYS_PROGRAMS WHERE TRIAGED != 1 AND SCAN_ID = '%s' LIMIT %i OFFSET %i;",
    "agent %s sql SELECT DISTINCT NAME, VERSION, ARCHITECTURE, VENDOR, SOURCE, CPE, MSU_NAME FROM SYS_PROGRAMS WHERE SCAN_ID = '%s' LIMIT %i OFFSET %i;",
    "agent %s sql SELECT SCAN_ID FROM SYS_PROGRAMS WHERE SCAN_TIME = (SELECT SCAN_TIME FROM SYS_PROGRAMS S1 WHERE NOT EXISTS (SELECT SCAN_TIME FROM SYS_PROGRAMS S2 WHERE S2.SCAN_TIME > S1.SCAN_TIME)) LIMIT 1;",
    "agent %s sql UPDATE SYS_PROGRAMS SET TRIAGED = 1 WHERE SCAN_ID = '%s';",
    "agent %s sql UPDATE SYS_PROGRAMS SET CPE = '%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s', MSU_NAME = '%s' WHERE VENDOR = '%s' AND NAME = '%s' AND VERSION = '%s' AND ARCHITECTURE = '%s';",
    "agent %s sql UPDATE SYS_PROGRAMS SET CPE = NULL, MSU_NAME = NULL;",
    "agent %s sql SELECT OS_RELEASE FROM SYS_OSINFO;",
    "agent %s sql SELECT OS_MAJOR, OS_MINOR, RELEASE FROM SYS_OSINFO;",
    "agent %s sql SELECT LAST_SCAN, WAZUH_VERSION, HOTFIX_SCAN_ID FROM VULN_METADATA;",
    "agent %s sql UPDATE VULN_METADATA SET LAST_SCAN='%u', WAZUH_VERSION='%s';",
    "agent %s sql SELECT SCAN_ID FROM SYS_HOTFIXES ORDER BY SCAN_TIME DESC LIMIT 1;",
    // CPE INDEX
    "INSERT INTO CPE_INDEX VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?);",
    "DELETE FROM CPE_INDEX;",
    "DELETE FROM CPE_INDEX WHERE ID < 0;",
    "SELECT DISTINCT PART FROM CPE_INDEX WHERE PART = 'a' AND VENDOR = ? AND PRODUCT = ?;",
    "SELECT MIN(ID) FROM CPE_INDEX;",
    "SELECT VENDOR, PACKAGE_NAME, VERSION, ARCH FROM AGENTS WHERE AGENT_ID = ? AND CPE_INDEX_ID = 0;",
    "SELECT PART, CPE_INDEX.VENDOR, PRODUCT, CPE_INDEX.VERSION, UPDATEV, EDITION, LANGUAGE, SW_EDITION, TARGET_SW, TARGET_HW, OTHER, MSU_NAME, AGENTS.VENDOR, PACKAGE_NAME, AGENTS.VERSION, ARCH FROM AGENTS JOIN CPE_INDEX ON CPE_INDEX_ID = ID WHERE AGENT_ID = ?;",
    "UPDATE AGENTS SET CPE_INDEX_ID = ? WHERE AGENT_ID = ? AND VENDOR IS ? AND PACKAGE_NAME = ? AND VERSION = ? AND ARCH = ?;",
    // NVD
    "SELECT COUNT(*) FROM NVD_CVE;",
    "SELECT LAST_MODIFIED FROM NVD_METADATA WHERE YEAR = ?;",
    "REPLACE INTO NVD_METADATA VALUES(?,?,?,?,?,?,?,?);",
    "INSERT INTO NVD_CVE VALUES(NULL,?,?,?,?,?,?,?,?);",
    "SELECT MAX(ID) FROM NVD_CVE;",
    "INSERT INTO NVD_METRIC_CVSS VALUES(NULL,?,?,?,?,?,?);",
    "INSERT INTO NVD_REFERENCE VALUES(NULL,?,?,?);",
    "INSERT INTO NVD_CVE_CONFIGURATION VALUES(NULL,?,?,?);",
    "SELECT MAX(ID) FROM NVD_CVE_CONFIGURATION;",
    "INSERT INTO NVD_CVE_MATCH VALUES(NULL,?,?,?,?,?,?,?,?);",
    "INSERT INTO NVD_CPE VALUES(?,?,?,?,?,?,?,?,?,?,?,?);",
    "SELECT ID FROM NVD_CPE WHERE PART = ? AND VENDOR = ? AND PRODUCT = ? AND VERSION = ? AND UPDATED = ? AND EDITION = ? AND LANGUAGE = ? AND SW_EDITION = ? AND TARGET_SW = ? AND TARGET_HW = ? AND OTHER = ?;",
    "SELECT MAX(ID) FROM NVD_CPE;",
    "SELECT * FROM NVD_METADATA WHERE ALTERNATIVE = 1;",
    // NVD CLEAN
    "DELETE FROM NVD_METADATA WHERE YEAR = ?;",
    "SELECT ID FROM NVD_CVE WHERE NVD_METADATA_YEAR = ?;",
    "DELETE FROM NVD_METRIC_CVSS WHERE NVD_CVE_ID = ?; DELETE FROM NVD_REFERENCE WHERE NVD_CVE_ID = ?; DELETE FROM NVD_CVE_CONFIGURATION WHERE NVD_CVE_ID = ?;",
    "DELETE FROM NVD_CVE_MATCH WHERE NVD_CVE_CONFIGURATION_ID = ?;",
    "DELETE FROM NVD_CPE WHERE ID NOT IN (SELECT DISTINCT ID_CPE FROM NVD_CVE_MATCH);",
    "DELETE FROM NVD_CVE WHERE NVD_METADATA_YEAR = ?;",
    "SELECT ID FROM NVD_CVE_CONFIGURATION WHERE NVD_CVE_ID = ?;",
    // NVD REPORT
    "SELECT CVE_ID, CWE_ID, ASSIGNER, DESCRIPTION, VERSION, PUBLISHED, LAST_MODIFIED FROM NVD_CVE WHERE ID = ?;",
    "SELECT ID, CWE_ID, ASSIGNER, DESCRIPTION, VERSION, PUBLISHED, LAST_MODIFIED FROM NVD_CVE WHERE CVE_ID = ?;",
    "SELECT CVE_ID FROM NVD_CVE WHERE ID = ?;",
    "SELECT URL, REF_SOURCE FROM NVD_REFERENCE WHERE NVD_CVE_ID = ?;",
    "SELECT VECTOR_STRING, BASE_SCORE, EXPLOITABILITY_SCORE, IMPACT_SCORE, VERSION FROM NVD_METRIC_CVSS WHERE NVD_CVE_ID = ?;",
    // NVD VULNERABILITY CHECK
    "SELECT CPE_INDEX.PART, CPE_INDEX.VENDOR, CPE_INDEX.PRODUCT, CPE_INDEX.VERSION, CPE_INDEX.UPDATEV, CPE_INDEX.EDITION, CPE_INDEX.LANGUAGE, CPE_INDEX.SW_EDITION, CPE_INDEX.TARGET_SW, CPE_INDEX.TARGET_HW, CPE_INDEX.MSU_NAME, AGENTS.PACKAGE_NAME, AGENTS.VERSION, AGENTS.ARCH FROM AGENTS INNER JOIN CPE_INDEX ON AGENTS.AGENT_ID = ? AND AGENTS.CPE_INDEX_ID < 0 AND CPE_INDEX.ID = AGENTS.CPE_INDEX_ID;",
    "SELECT NVD_CPE.ID FROM NVD_CPE WHERE NVD_CPE.PART = ? AND NVD_CPE.VENDOR = ? AND NVD_CPE.PRODUCT = ? AND (NVD_CPE.VERSION = ? OR NVD_CPE.VERSION = '*' OR NVD_CPE.VERSION = '-') AND (NVD_CPE.UPDATED = '*' OR NVD_CPE.UPDATED = ?) AND (NVD_CPE.EDITION = '*' OR NVD_CPE.EDITION = ? OR NVD_CPE.EDITION = '') AND (NVD_CPE.LANGUAGE = '*' OR NVD_CPE.LANGUAGE = ? OR NVD_CPE.LANGUAGE = '') AND (NVD_CPE.SW_EDITION = '*' OR NVD_CPE.SW_EDITION = ? OR NVD_CPE.SW_EDITION = '') AND (NVD_CPE.TARGET_SW = '*' OR NVD_CPE.TARGET_SW = '-' OR NVD_CPE.TARGET_SW = '') AND (NVD_CPE.TARGET_HW = '*' OR NVD_CPE.TARGET_HW = '-' OR NVD_CPE.TARGET_HW = ?);",
    "SELECT NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID, NVD_CVE_MATCH.URI, NVD_CVE_MATCH.VULNERABLE, NVD_CVE_MATCH.VERSION_START_INCLUDING, NVD_CVE_MATCH.VERSION_START_EXCLUDING, NVD_CVE_MATCH.VERSION_END_INCLUDING, NVD_CVE_MATCH.VERSION_END_EXCLUDING FROM NVD_CVE_MATCH WHERE NVD_CVE_MATCH.ID_CPE = ?;",
    "SELECT NVD_CVE_CONFIGURATION.NVD_CVE_ID, NVD_CVE_CONFIGURATION.OPERATOR, NVD_CVE_CONFIGURATION.PARENT FROM NVD_CVE_CONFIGURATION WHERE NVD_CVE_CONFIGURATION.ID = ?;",
    "SELECT ID FROM NVD_CVE_CONFIGURATION WHERE PARENT=(SELECT ID FROM NVD_CVE_CONFIGURATION WHERE ID=? AND OPERATOR='AND') AND ID!=?;",
    "SELECT ID FROM NVD_CVE_MATCH WHERE NVD_CVE_CONFIGURATION_ID = ?;",
    "SELECT VENDOR, PRODUCT FROM NVD_CPE WHERE ID = ?;",
    "SELECT CPEI.ID INNER JOIN CPE_INDEX CPEI ON CPEI.VENDOR=? AND CPEI.PRODUCT=? AND CPEI.ID<0 INNER JOIN AGENTS AG ON AG.CPE_INDEX_ID = CPEI.ID AND AG.AGENT_ID=?;",
    "SELECT NVD_CVE.CVE_ID, NVD_CVE_MATCH.VERSION_START_INCLUDING, NVD_CVE_MATCH.VERSION_START_EXCLUDING, NVD_CVE_MATCH.VERSION_END_INCLUDING, NVD_CVE_MATCH.VERSION_END_EXCLUDING, NVD_CVE_MATCH.ID, NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID, NVD_CVE_MATCH.VULNERABLE, \
	        NVD_CVE_CONFIGURATION.PARENT, NVD_CVE_CONFIGURATION.OPERATOR, NVD_CPE.VENDOR, NVD_CPE.TARGET_SW \
            FROM NVD_CPE INNER JOIN NVD_CVE_MATCH ON NVD_CPE.ID = NVD_CVE_MATCH.ID_CPE \
                         INNER JOIN NVD_CVE_CONFIGURATION ON  NVD_CVE_CONFIGURATION.ID = NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID \
                         INNER JOIN NVD_CVE ON NVD_CVE_CONFIGURATION.NVD_CVE_ID = NVD_CVE.ID \
            WHERE NVD_CPE.PART = 'a' AND NVD_CPE.PRODUCT = ? AND (NVD_CPE.VERSION = '*' OR NVD_CPE.VERSION = '-');",
    "SELECT NVD_CVE.CVE_ID, NVD_CVE_MATCH.VERSION_START_INCLUDING, NVD_CVE_MATCH.VERSION_START_EXCLUDING, NVD_CVE_MATCH.VERSION_END_INCLUDING, NVD_CVE_MATCH.VERSION_END_EXCLUDING, NVD_CVE_MATCH.ID, NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID, NVD_CVE_MATCH.VULNERABLE, \
	        NVD_CVE_CONFIGURATION.PARENT, NVD_CVE_CONFIGURATION.OPERATOR, NVD_CPE.VENDOR, NVD_CPE.TARGET_SW \
            FROM NVD_CPE INNER JOIN NVD_CVE_MATCH ON NVD_CPE.ID = NVD_CVE_MATCH.ID_CPE \
                         INNER JOIN NVD_CVE_CONFIGURATION ON  NVD_CVE_CONFIGURATION.ID = NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID \
                         INNER JOIN NVD_CVE ON NVD_CVE_CONFIGURATION.NVD_CVE_ID = NVD_CVE.ID \
            WHERE NVD_CPE.PART = 'o' AND (NVD_CPE.PRODUCT = ? OR NVD_CPE.PRODUCT = 'linux') AND (NVD_CPE.VERSION = '*' OR NVD_CPE.VERSION = '-') AND NVD_CPE.VENDOR = ?;",
    "SELECT NVD_CVE.CVE_ID, NVD_CPE.VERSION, NVD_CVE_MATCH.ID, NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID, NVD_CVE_MATCH.VULNERABLE, NVD_CVE_CONFIGURATION.PARENT, NVD_CVE_CONFIGURATION.OPERATOR, NVD_CPE.VENDOR, NVD_CPE.TARGET_SW \
            FROM NVD_CPE INNER JOIN NVD_CVE_MATCH ON NVD_CPE.ID = NVD_CVE_MATCH.ID_CPE \
                         INNER JOIN NVD_CVE_CONFIGURATION ON  NVD_CVE_CONFIGURATION.ID = NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID \
                         INNER JOIN NVD_CVE ON NVD_CVE_CONFIGURATION.NVD_CVE_ID = NVD_CVE.ID \
            WHERE NVD_CPE.PART = 'a' AND NVD_CPE.PRODUCT = ? AND NVD_CPE.VERSION LIKE ? ;",
    "SELECT NVD_CVE.CVE_ID, NVD_CPE.VERSION, NVD_CVE_MATCH.ID, NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID, NVD_CVE_MATCH.VULNERABLE, NVD_CVE_CONFIGURATION.PARENT, NVD_CVE_CONFIGURATION.OPERATOR, NVD_CPE.VENDOR, NVD_CPE.TARGET_SW \
            FROM NVD_CPE INNER JOIN NVD_CVE_MATCH ON NVD_CPE.ID = NVD_CVE_MATCH.ID_CPE \
                         INNER JOIN NVD_CVE_CONFIGURATION ON  NVD_CVE_CONFIGURATION.ID = NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID \
                         INNER JOIN NVD_CVE ON NVD_CVE_CONFIGURATION.NVD_CVE_ID = NVD_CVE.ID \
            WHERE NVD_CPE.PART = 'o' AND (NVD_CPE.PRODUCT = ? OR NVD_CPE.PRODUCT = 'linux') AND NVD_CPE.VERSION LIKE ? AND NVD_CPE.VENDOR = ?;",
    "SELECT ID FROM NVD_CVE_MATCH WHERE NVD_CVE_CONFIGURATION_ID = ? AND ID != ?;",
    "SELECT ID FROM NVD_CVE_CONFIGURATION WHERE PARENT = ? AND ID != ?;",
    "SELECT COUNT(*) \
            FROM NVD_CPE INNER JOIN NVD_CVE_MATCH ON NVD_CPE.ID = NVD_CVE_MATCH.ID_CPE \
                         INNER JOIN NVD_CVE_CONFIGURATION ON NVD_CVE_CONFIGURATION.ID = NVD_CVE_MATCH.NVD_CVE_CONFIGURATION_ID \
                         INNER JOIN NVD_CVE ON NVD_CVE_CONFIGURATION.NVD_CVE_ID = NVD_CVE.ID \
                         WHERE ((NVD_CPE.VERSION = '*' OR NVD_CPE.VERSION = '-') \
                                AND NVD_CVE_MATCH.VERSION_START_INCLUDING IS NULL \
                                AND NVD_CVE_MATCH.VERSION_START_EXCLUDING IS NULL \
                                AND NVD_CVE_MATCH.VERSION_END_INCLUDING IS NULL \
                                AND NVD_CVE_MATCH.VERSION_END_EXCLUDING IS NULL) \
                               AND NVD_CVE.CVE_ID = ? AND (NVD_CPE.PRODUCT = ? OR NVD_CPE.PRODUCT = ?)",
    // SQL OPERATIONS
    "DELETE FROM SQLITE_SEQUENCE WHERE NAME = ?;",
    // WAZUH CPE DICTIONARY
    "DELETE FROM CPE_HELPER; DELETE FROM CPE_HELPER_SOURCE; DELETE FROM CPE_HELPER_TRANSLATION;",
    "INSERT INTO CPE_HELPER VALUES(?,?,?);",
    "INSERT INTO CPE_HELPER_SOURCE VALUES(?,?,?,?);",
    "INSERT INTO CPE_HELPER_TRANSLATION VALUES(?,?,?,?,?,?);",
    "SELECT DISTINCT VENDOR, PACKAGE_NAME, VERSION, ARCH, ID, ACTION FROM AGENTS INNER JOIN CPE_HELPER_SOURCE T1 ON AGENT_ID = ? AND T1.TYPE = 'vendor' AND (VENDOR REGEXP T1.TERM OR (T1.TERM IS NULL AND VENDOR IS NULL)) INNER JOIN CPE_HELPER ON ID = T1.ID_HELPER INNER JOIN CPE_HELPER_SOURCE T2 ON ID = T2.ID_HELPER AND T2.TYPE = 'product' AND PACKAGE_NAME REGEXP T2.TERM;",
    "SELECT TERM, CORRELATION_ID FROM CPE_HELPER_SOURCE WHERE ID_HELPER = ? AND TYPE = ? AND CASE WHEN ? = '' THEN TERM ELSE ? END REGEXP TERM ORDER BY CORRELATION_ID;",
    "SELECT TERM, COMPARE_FIELD, CONDITION FROM CPE_HELPER_TRANSLATION WHERE ID_HELPER = ? AND TYPE = ? AND CORRELATION_ID = ?;",
    // MSU
    "DELETE FROM MSU;",
    "DELETE FROM MSU_SUPERSEDENCE;",
    "INSERT INTO MSU VALUES(?,?,?,?,?,?,?,?);",
    "INSERT INTO MSU_SUPERSEDENCE VALUES(?,?);",
    "SELECT DISTINCT M1.PATCH, SUPER FROM MSU M1 INNER JOIN MSU_SUPERSEDENCE ON MSU_SUPERSEDENCE.PATCH = M1.PATCH WHERE M1.CVEID = ? AND M1.PRODUCT REGEXP ?%s;",
    "SELECT DISTINCT M1.PATCH, SUPER FROM MSU M1 INNER JOIN MSU_SUPERSEDENCE ON MSU_SUPERSEDENCE.PATCH = M1.PATCH WHERE M1.CVEID = ? AND M1.PRODUCT REGEXP ? AND M1.PRODUCT NOT LIKE '% R2%%'%s;",
    "SELECT HOTFIX FROM AGENT_HOTFIXES WHERE AGENT_ID = ? AND HOTFIX LIKE ?;",
    // TRANSACTIONS
    "BEGIN TRANSACTION;",
    "END TRANSACTION;"};

extern char *schema_vuln_detector_sql;

#endif
